Jump to content

Recommended Posts

How can I make my PHP script non accessible to users? I am wanting to cron the script and don't want anybody to spam the script as it would cause performance issues if it was constantly spammed by a user. Can I put the PHP file anywhere that only the server can run it?

 

Thanks any info would be awesome.  

Don't put it within your http server's document root. There is no reason it needs to be executed via http.

The one problem that I have run into trying that method is that your paths for any included files become difficult to figure out.  Plus if you're using a framework to gather a bunch of files that have critical parts being used in the cron script it's very hard to modify all those files and you really don't want to cause they are core files to the framework.

 

So what I use is this at the very top of the cron script.  This way no outside IP can run the script contents below this line, it'll just return a Invalid Request to whom ever is trying to access it.

if($_SERVER["REMOTE_ADDR"] != $_SERVER["SERVER_ADDR"]) die("Invalid Request");

So what I use is this at the very top of the cron script.  This way no outside IP can run the script contents below this line, it'll just return a Invalid Request to whom ever is trying to access it.

if($_SERVER["REMOTE_ADDR"] != $_SERVER["SERVER_ADDR"]) die("Invalid Request");

 

This is a bad idea. The REMOTE_ADDR depends on the server setup and may very well be identical to the SERVER_ADDR at all times (in case of a reverse proxy, for example).

 

While this may work as a quick hack in your specific case, it's definitely not a solution. As trq already said, place the scripts outside of the document root. If that's not possible, there's something wrong with how you use paths.

This is a bad idea. The REMOTE_ADDR depends on the server setup and may very well be identical to the SERVER_ADDR at all times (in case of a reverse proxy, for example).

Well I am far from knowledgeable with how a server really works, so touche.  I guess I can't say that it's a perfect solution on my page either then, all I can test is me going to the script from my laptop and having it say Invalid Request.  I don't know a single thing about a proxy.

 

As far as the path stuff goes, I just remembered that I wasn't trying to run it outside the root but rather a directory up or 2 from the root.  It gave me tons of (I think) include and require path issues cause CRON runs from a different path or something than the actual root, so it couldn't locate numerous files.  Now MAYBE that's something on how my files are coded but I found many other people with the same issue. 

 

I'm always up for learning a better way :)

I always specify absolute paths for things that I know are not going to move.  That way they are always 'found'.  I don't see it as a problem.  In my std. startup logic I always set a couple of vars to be used for this purpose.  This logic is included in my scripts, so should I EVER NEED to modify my paths, it's a simple change.

 

If your task is going to reference files that are expected in some odd folder name or under some folder name, simply specify the absolute path to that folder or parent and work from there.  One doesn't HAVE to rely on php's search methodology to find things....

 

Since you should be running cron jobs via cli...

if (php_sapi_name() != "cli") {
  die('No Remote Execution');
}

I tried this and variations of it while trying to setup things in the past and was not able to ever make it work.

Yes, wget basically is a http wrapper calling the url like a browser would, which means it's not actually using the PHP CLI but using whatever your webserver is using, like cgi, cgi-fcgi, etc.

 

If in crontab you used

/usr/bin/php5 -q /path/to/php/script.php

then it would be CLI

  • Like 1
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.